Published in: PHP

Pass a user-inputted variable to this function in order to prevent SQL injection. Example:
mysql_query("INSERT INTO table VALUES('" . sql_sanitize($_POST["variable"]) . "')");
Instead of:
mysql_query("INSERT INTO table VALUES('" . $_POST["variable"] . "')");
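The same INSERT with a bound parameter through PDO, as an added example that is not part of the original snippet (the mysql_* functions it uses were removed in PHP 7.0). The comments table, the insert_comment helper, the sample inputs and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example: the INSERT written with a bound parameter instead of
// string concatenation. Table, column and helper names are hypothetical.

// In-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (body TEXT NOT NULL)');

function insert_comment(PDO $pdo, string $body): void
{
    // The value is sent separately from the SQL text, so a quote in $body
    // cannot close the string literal or change the statement.
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Constructed inputs standing in for $_POST["variable"].
$inputs = [
    "plain text",
    "O'Reilly",
    "x'); DROP TABLE comments; --",
];

foreach ($inputs as $input) {
    insert_comment($pdo, $input);
}

// Read the rows back in insertion order and compare with what was sent.
$rows = $pdo->query('SELECT body FROM comments ORDER BY rowid')
            ->fetchAll(PDO::FETCH_COLUMN);

foreach ($rows as $i => $row) {
    printf("%d: %s\n", $i + 1, $row);
}
echo ($rows === $inputs)
    ? "all inputs stored unchanged\n"
    : "stored rows differ from inputs\n";
```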
